Bug #9073
closed
"private-domain" in custom options results in invalid config (syntax error)
0%
Description
Adding the following to the DNS Resolver Custom options field:
private-domain: example.org
...results in the following error:
The following input errors were detected:
The generated config file cannot be parsed by unbound. Please correct the following errors:
/var/unbound/test/unbound.conf:116: error: syntax error
read /var/unbound/test/unbound.conf failed: 1 errors in configuration file
The offending config snippet:
...
# Access lists
include: /var/unbound/test/access_lists.conf
# Static host entries
include: /var/unbound/test/host_entries.conf
# dhcp lease entries
include: /var/unbound/test/dhcpleases_entries.conf
# Domain overrides
include: /var/unbound/test/domainoverrides.conf
# Forwarding
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 9.9.9.9@853
forward-addr: 1.1.1.1@853
# Unbound custom options
private-domain: example.org
...
It's possible that this is a bug in Unbound. I can confirm the issue manually:
[2.4.4-RELEASE][admin@pfsense.example.org]/root: unbound-checkconf /var/unbound/test/unbound.conf
/var/unbound/test/unbound.conf:116: error: syntax error
read /var/unbound/test/unbound.conf failed: 1 errors in configuration file
If I manually move the private-domain directive above the first include directive, the config passes happily:
[2.4.4-RELEASE][admin@pfsense.example.org]/root: unbound-checkconf /var/unbound/test/unbound.conf
unbound-checkconf: no errors in /var/unbound/test/unbound.conf
Updated by Rick White about 7 years ago
Ahah, I think the actual issue is that Custom options are being added after the forward-zone directive, which means they no longer fall under the server directive. In my case, private-domain is only applicable within the server clause. I think the fix here is to make sure any Custom options are specified in the config before forward-zone, if used.
Updated by Jim Pingle about 7 years ago
- Status changed from New to Not a Bug
With custom options it is up to the user to ensure the config is in the correct section of the config. For example in this case you probably need a line that says server: before it.
https://www.netgate.com/docs/pfsense/dns/unbound-dns-resolver.html#configuration
Updated by Rick White about 7 years ago
Thanks, Jim! It didn't occur to me that the server block could be specified twice. Can confirm the config now checks out and functions as expected, and the docs you linked to even suggest this as an example. Thanks!
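An added example, not pfSense or Unbound code: a small Python check for the failure discussed in this ticket, where an option appended after forward-zone: lands in that clause instead of server:. The clause and attribute lists are partial (an assumption), the function name is hypothetical, and the sample config is constructed from the snippet above.

```python
import re

# Clause headers in unbound.conf (partial list, enough for this ticket).
CLAUSES = {"server", "forward-zone", "stub-zone", "remote-control",
           "auth-zone", "view", "python"}
# Attributes accepted inside zone clauses (partial list, an assumption).
ZONE_ATTRS = {
    "forward-zone": {"name", "forward-addr", "forward-host", "forward-first",
                     "forward-tls-upstream", "forward-ssl-upstream",
                     "forward-no-cache"},
    "stub-zone": {"name", "stub-addr", "stub-host", "stub-prime", "stub-first",
                  "stub-tls-upstream", "stub-ssl-upstream", "stub-no-cache"},
}

def misplaced_options(conf_text):
    """Return (line_no, clause, option) for every option that sits inside a
    forward-zone/stub-zone clause but is not an attribute of that clause."""
    clause, findings = None, []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        m = re.match(r"([A-Za-z0-9-]+):\s*(.*)$", line)
        if not m:
            continue
        key, value = m.groups()
        if key in CLAUSES and not value:         # bare "server:" starts a clause
            clause = key
        elif key != "include" and clause in ZONE_ATTRS \
                and key not in ZONE_ATTRS[clause]:
            findings.append((no, clause, key))
    return findings

# Constructed sample: custom option appended after the forward-zone clause.
BROKEN = """\
server:
include: /var/unbound/test/access_lists.conf
# Forwarding
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 9.9.9.9@853
forward-addr: 1.1.1.1@853
# Unbound custom options
private-domain: example.org
"""
# Same config with "server:" re-opened before the custom option.
FIXED = BROKEN.replace("private-domain:", "server:\nprivate-domain:")

if __name__ == "__main__":
    print("broken:", misplaced_options(BROKEN))
    print("fixed: ", misplaced_options(FIXED))
```

unbound-checkconf remains the authoritative validator; this check only explains which clause a trailing custom option ends up in.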